I am wondering whether it could work.
We have services FOO and BAR; they are running in the same cluster with Docker Registry. Let's imagine this cluster is for production, not for development.
We have a CI/CD system which is responsible for building images and pushing them to the Docker registry.
The Docker registry is used only in the Kubernetes private network; we won't push or pull images outside of the cluster, because... why should I do that?
+-----------------------------------------------+
|                                               |
|  KUBERNETES                                   |
|  +-------+                                    |
|  |  VCS  |               +----------+         |
|  |       <----------+    |          |         |
|  |       |          |    |  CI/CD   |         |
|  +-------+          +----+          |         |
|                     |    +----------+         |
|                     |                         |
|                     |              +-----+    |
|            +--------v-----+ <------+ FOO |    |
|            |   INSECURE   |        +-----+    |
|            |    DOCKER    |        +-------+  |
|            |   REGISTRY   | <------+  BAR  |  |
|            +--------------+        +-------+  |
+-----------------------------------------------+
                        ^
                        |
                        |
                        +
                      USERS
Is it possible to create a Docker registry with a self-signed certificate, and set up Kubernetes to trust this registry?
Or is this overhead, and is it better to just use a good certificate and go over the public network?
Where do you store production-ready Docker images, and where those for staging?
Container registries can connect directly to container orchestration platforms like Docker and Kubernetes. Container registries save developers valuable time in the creation and delivery of cloud-native applications, acting as the intermediary for sharing container images between systems.
An insecure registry is a registry without a valid TLS certificate, or one which only supports HTTP connections. For self-signed registries, see this page. An insecure registry can be set manually.
To resolve it, double check the pod specification and ensure that the repository and image are specified correctly. If this still doesn't work, there may be a network issue preventing access to the container registry. Look in the describe pod text file to obtain the hostname of the Kubernetes node.
Well, this looks like a very theoretical question. The only question which could be answered unequivocally is:
Is it possible to create a Docker registry with a self-signed certificate, and set up Kubernetes to trust this registry?
Of course, you can deploy your own Docker registry, e.g. Artifactory or something else. You definitely can create a self-signed certificate and use it, as well as a certificate issued by one of the Certificate Authorities (note that it could be free, via Let's Encrypt, for example).
Moving forward, to trust a registry or not is not Kubernetes' task. It is the runtime's task, e.g. Docker or Rkt. So, if you want to use a private registry, you will have to configure the runtime's client to work with your registry, no matter whether it is secure or not.
Everything else is not so clear-cut as we might think. The only thing I want to say is: practice shows that if you are going to do something, you have to do it your way.
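The answer's point that registry trust is configured in the container runtime, as an added example that is not part of the original answer: a Python audit of a Docker node's configuration that reports, per registry, whether TLS checks are bypassed through `insecure-registries`, a self-signed or private CA is trusted through `certs.d`, or only the system trust store applies. The registry names, sample files and function names are constructed for illustration, and CIDR entries are matched against IP-literal registries only (no DNS resolution).

```python
import ipaddress
import json
import tempfile
from pathlib import Path


def listed_insecure(registry: str, entries: list) -> bool:
    """True if `registry` (host[:port], IPv4 or DNS name) matches an insecure-registries entry."""
    host = registry.rsplit(":", 1)[0]
    for entry in entries:
        if entry == registry:
            return True
        try:  # entries may also be CIDR ranges, e.g. "10.20.0.0/16"
            if "/" in entry and ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # host or entry is a DNS name, not an address or range
    return False


def registry_trust(registry: str, docker_etc: Path) -> str:
    """Classify how the Docker daemon configured under `docker_etc` treats `registry`."""
    daemon_json = docker_etc / "daemon.json"
    config = json.loads(daemon_json.read_text()) if daemon_json.exists() else {}
    if listed_insecure(registry, config.get("insecure-registries", [])):
        return "insecure"  # certificate errors ignored, plain HTTP allowed
    cert_dir = docker_etc / "certs.d" / registry
    if cert_dir.is_dir() and any(cert_dir.glob("*.crt")):
        return "custom-ca"  # *.crt files here are CA roots for this registry only
    return "system-ca"  # only certificates chaining to the system trust store pass


def build_sample_node(root: Path) -> Path:
    """Constructed stand-in for a node's /etc/docker, used only for this demonstration."""
    etc = root / "etc" / "docker"
    ca_dir = etc / "certs.d" / "registry.internal.example:5000"
    ca_dir.mkdir(parents=True)
    (ca_dir / "ca.crt").write_text("constructed placeholder for the registry's CA certificate\n")
    (etc / "daemon.json").write_text(json.dumps(
        {"insecure-registries": ["legacy.internal.example:5000", "10.20.0.0/16"]}))
    return etc


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        etc = build_sample_node(Path(tmp))
        for reg in ("registry.internal.example:5000", "legacy.internal.example:5000",
                    "10.20.3.7:5000", "registry.example.com"):
            print(f"{reg:34} {registry_trust(reg, etc)}")
```

On a real node, pass `Path("/etc/docker")` as `docker_etc`; any registry reported as `insecure` is one where image pulls are not protected against tampering on the network path.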